Amendments In the Claims 



1-31. Canceled. 

32. (Currently Amended) A method of processing a packet comprising: 
configuring a plurality of access control specifiers in an access control element 

according to a priority of a type of each access control specifier, wherein 
the type of an access control specifier corresponds to information in an access 
control entry; 

matching one or more characteristics of said packet with one or more of the access 
control specifiers in at l e ast on e acc e ss control e lement ; 

selecting a high e st priority match corresponding to an access control specifier with a 
highest associated priority bas e d on a typ e of an access control sp e cifi e r of th e 
high e st priority match, wh e r e in th e type of the acc e ss control sp e cifier of th e 
high e st priority match is r e lat e d to an e l e m e nt of a pack e t h e ad e r to which th e 
acc e ss control sp e cifi e r of th e high e st priority match is responsive ; and 

processing said packet based on said selecting. 

33. (Previously Presented) The method of claim 32, wherein said access control 
element is a content addressable memory. 

34. (Previously Presented) The method of claim 32, wherein said matching and 
said processing is done in parallel. 

35. (Previously Presented) The method of claim 32, wherein said characteristics 
of said packet comprises one or more of a source address, a destination address, a source 
port, a destination port, a protocol type, an input interface and an output interface. 

36. (Previously Presented) The method of claim 32, wherein said characteristics 
of said packet comprises data carried by said packet in a packet header. 

37. (Previously Presented) The method of claim 32, further comprising: 
receiving said packet. 
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38. (Previously Presented) The method of claim 32, further comprising: 
identifying one or more of said access control specifiers based on said matching. 

39. (Currently Amended) The method of claim 37 38, further comprising: 
prioritizing said one or more of said access control specifiers identified based on said 

matching to generate a set of prioritized access control specifiers. 

40. (Previously Presented) The method of claim 39, wherein said prioritizing is 
done in parallel by a priority encoder. 

41. (Previously Presented) The method of claim 39, wherein said prioritizing is 
done based on an address of said access control specifiers in said access control element. 

42. (Previously Presented) The method of claim 39, wherein said processing is 
done based on said set of prioritized access control specifiers. 

43. (Previously Presented) The method of claim 32, wherein said processing 
further comprising: 

if said packet requires processing by a higher-level processor, 
forwarding said packet to said higher-level processor. 

44. (Previously Presented) The method of claim 32, further comprising: 
if said packet requires dropping, 

dropping said packet. 

45. (Previously Presented) The method of claim 32, further comprising: 
if said packet requires forwarding, 

forwarding said packet. 

46. (Currently Amended) A system for processing a packet comprising: 
one or more access control specifiers, wherein 

said one or more access control specifiers are of one or more types of access 
control specifiers, and 

said one or more types of access control specifiers being related to 

information in an access control entry on e or mor e e l e ments of a 
pack e t h e ader to which said on e or mor e acc e ss control sp e cifiers is 
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r e sponsive ; 
an access control element, wherein 

said access control element is configured to 

store said one or more access control specifiers according to a priority 

of the type of each access control specifier, and 
match one or more characteristics of said packet with one or more 
access control specifiers ; and 
a priority encoder coupled to said access control element, wherein 
said priority encoder is configured to 

prioritiz e in parall e l said on e or mor e acc e ss control sp e cifiers match e d 

with on e or mor e charact e ristics of said pack e t, and 
select a highest priority match based on said one or mor e the priority 
of the types of access control specifiers. 

47. (Currently Amended) The system of claim 46, wherein said priority encoder 
is further configured to 

prioritize said one or more access control specifiers match e d with said on e or mor e 
charact e ristics of said pack e t according to an address of said one or more 
access control specifiers in said access control element. 

48. (Currently Amended) The system of claim 46, further comprising: 

a compare unit coupled to said access control uak element, wherein said compare unit 
is configured to compare said one or more characteristics of said packet with 
one or more values. 

49. (Previously Presented) The system of claim 48, wherein said one or more 
values are predetermined. 

50. (Previously Presented) The system of claim 48, wherein said one or more 
values are dynamically determined. 
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5 1 . (Previously Presented) The system of claim 48, wherein said compare unit is 
further configured to 

perform arithmetic operation on data carried by said packet in a packet header. 

52. (Previously Presented) The system of claim 48, wherein said compare unit is 
further configured to 

perform logical operation on said data carried by said packet in said packet header. 

53. (Previously Presented) The system of claim 46, wherein said access control 
element further comprising: 

an access control memory. 

54. (Previously Presented) The system of claim 53, wherein said access control 
memory is a content-addressable memory. 

55. (Previously Presented) The method of claim 53, wherein said access control 
memory stores at least one of said access control specifier. 

56. (Previously Presented) The system of claim 53, wherein said access control 
specifier further comprising: 

a label match mask configured to determine whether a first corresponding bit of said 
one or more characteristics of said packet is tested; and 

a label match pattern, wherein said label match pattern is compared with a second 
corresponding bit of said one or more characteristics of said packet. 

57. (Previously Presented) The system of claim 46, further comprising: 

a processor, coupled to said access control element, said processor is configured to 
process said packet when said packet is not processed by said access control 
element. 

58. (Previously Presented) The system of claim 46, further comprising: 

at least one input port coupled to said access control element, wherein said input port 

is configured to receive said packet; and 
at least one output port coupled to said access control element, wherein said packet is 

forwarded via said output port. 
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59. (Currently Amended) A system for processing a packet comprising: 
means for configuring a plurality of access control specifiers in an access control 

element according to a priority of a type of each access control specifier, 
wherein 

the type of an access control specifier corresponds to information in an access 
control entry; 

means for matching one or more characteristics of said packet with one or more of the 
access control specifiers in at l e ast one acc e ss control e l e m e nt ; 
means for selecting a match corresponding to an access control specifier 
with a highest associated priority; and 

means for processing said packet based on said matching. 

60. (Previously Presented) The system of claim 59, wherein said access control 
element is a content addressable memory. 

61 . (Previously Presented) The system of claim 59, wherein said matching and 
said processing is done in parallel. 

62. (Previously Presented) The system of claim 59, wherein said characteristics 
of said packet comprises one or more of a source address, a destination address, a source 
port, a destination port, a protocol type, an input interface and an output interface. 

63. (Previously Presented) The system of claim 59, wherein said characteristics 
of said packet comprises data carried by said packet in a packet header. 

64. (Previously Presented) The system of claim 59, further comprising: 
means for receiving said packet. 

65. (Previously Presented) The system of claim 59, further comprising: 
means for identifying one or more of said access control specifiers based on said 

matching. 
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66. (Currently Amended) The system of claim 64 65, further comprising: 
means for prioritizing said one or more of said access control specifiers identified 

based on said matching to generate a set of prioritized access control 
specifiers. 

67. (Previously Presented) The system of claim 66, wherein said prioritizing is 
done in parallel by a priority encoder. 

68. (Previously Presented) The system of claim 66, wherein said prioritizing is 
done based on an address of said access control specifiers in said access control element. 

69. (Previously Presented) The system of claim 66, wherein said processing is 
done based on said set of prioritized access control specifiers. 

70. (Previously Presented) The system of claim 59, wherein said processing 
further comprising: 

means for forwarding said packet to said higher-level processor if said packet requires 
processing by a higher-level processor. 

71. (Previously Presented) The system of claim 59, further comprising: 
means for dropping said packet if said packet requires dropping. 

72. (Previously Presented) The system of claim 59, further comprising: 
means for forwarding said packet if said packet requires forwarding. 

73. (Previously Presented) A system comprising: 

means for maintaining a set of access control patterns in at least one associative 
memory; 

means for receiving a packet label responsible to a packet, said packet label being 
sufficient to perform access control processing for said packet; 

means for matching matchable information, said matchable information being 

responsive to said packet label, with said set of access control patterns in 
parallel; 

means for generating a set of matches in response thereto, each said match having 
priority information associated therewith; 
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means for selecting at least one of said matches in response to said priority 

information, and generating an access result in response to said at least one 
selected match; and 

means for making a routing decision in response to said access result. 

74. (Previously Presented) The system of claim 73 further comprising: 
means for choosing a first one of said matches. 

75. (Previously Presented) The system of claim 73, further comprising: 
means for determining an output interface for said packet. 

76. (Previously Presented) The system of claim 73, further comprising: 
means for implementing a quality of service policy. 

77. (Previously Presented) The system of claim 73, further comprising: 
means for permitting or denying access for said packet. 

78. (Previously Presented) The system of claim 73, further comprising: 
means for making a preliminary routing decision for said packet. 

79. (Previously Presented) The method of claim 73, further comprising: 
means for determining at least one output interface for said packet. 

80. (Previously Presented) The system of claim 73, further comprising: 
means for preprocessing said packet label; and 

means for generating said matchable information. 

81. (Previously Presented) The system of claim 79, further comprising: 

means for performing one or more of an arithmetic, logical, and comparison operation 

on said packet label; and 
means for generating a bit string for said matchable information in response to said 

arithmetic, logical, and comparison operation. 

82. (Previously Presented) The system of claim 73, further comprising: 
means for comparing a field of said packet label with an arithmetic range or mask 

value. 

-8- Serial No.: 10/087,342 



PATENT 



83. (Previously Presented) The system of claim 73, further comprising: 
means for comparing a source IP port value or a destination IP port value with a 

selected port value. 

84. (Previously Presented) The system of claim 73, further comprising: 
means for postprocessing said selected match to generate said access result. 

85. (Previously Presented) The system of claim 73, further comprising: 
means for accessing a memory in response to a bitstring included in said selected 

match. 

86. (Previously Presented) The system of claim 73, further comprising: 
means for declaring whether to permit or deny access of a set of packets. 

87. (Previously Presented) The system of claim 73, further comprising: 
means for receiving a sequence of access control specifiers; 

means for translating said sequence of access control specifiers into a sequence of 

access control patterns; and 
means for storing said sequence of access control patterns in said associative 

memory. 

88. (Previously Presented) The system of claim 73, further comprising: 
means for generating a single one of said access control patterns in response to a 

plurality of said access control specifiers. 

89. (Previously Presented) The system of claim 73, further comprising: 
means for generating a single one of said access control patterns in response to a 

plurality of said access control specifiers. 
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90. (Currently Amended) A method of processing a packet comprising: 
d e t e rmining a s e l e ct e d selecting an output interface fer to which to forward the 

packet; 

determining forwarding permission for the packet, wherein 
the determining comprises 

matching one or more characteristics of said packet with one or more access 
control specifiers in at least one access control element; , wh e r e in said 
matching step is p e rformed in parall e l with said d e termining st e p; and 

processing said packet based on said matchin g forwarding permission; 

wherein, 

the selecting step is performed in parallel with the determining step . 

91 . (Previously Presented) The method of claim 32, wherein said one or more 
access control specifiers include a label match mask and a label match pattern. 

92. (Previously Presented) The system of claim 46, wherein said one or more 
access control specifiers include a label match mask and a label match pattern. 
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